firewall: add firewalld functionality to firewall plugin

Example of usage, which uses flannel for allocating IP addresses for containers and then registers them in `trusted` zone in firewalld: { "cniVersion": "0.3.1", "name": "flannel-firewalld", "plugins": [ { "name": "cbr0", "type": "flannel", "delegate": { "isDefaultGateway": true } }, { "type": "firewall", "backend": "firewalld", "zone": "trusted" } ] } Fixes #114 Signed-off-by: Alban Crequy <alban@kinvolk.io> Signed-off-by: Michal Rostecki <mrostecki@suse.com>
2018-02-06 17:19:17 +01:00
parent eb66fc201c
commit 9d6f1e9975
5 changed files with 386 additions and 21 deletions
--- a/plugins/meta/firewall/firewall.go
+++ b/plugins/meta/firewall/firewall.go
@ -74,20 +74,22 @@ func parseConf(data []byte) (*FirewallNetConf, error) {
 	}

 	// Parse previous result.
-	if conf.RawPrevResult != nil {
-		resultBytes, err := json.Marshal(conf.RawPrevResult)
-		if err != nil {
-			return nil, fmt.Errorf("could not serialize prevResult: %v", err)
-		}
-		res, err := version.NewResult(conf.CNIVersion, resultBytes)
-		if err != nil {
-			return nil, fmt.Errorf("could not parse prevResult: %v", err)
-		}
-		conf.RawPrevResult = nil
-		conf.PrevResult, err = current.NewResultFromResult(res)
-		if err != nil {
-			return nil, fmt.Errorf("could not convert result to current version: %v", err)
-		}
+	if conf.RawPrevResult == nil {
+		return nil, fmt.Errorf("missing prevResult from earlier plugin")
+	}
+
+	resultBytes, err := json.Marshal(conf.RawPrevResult)
+	if err != nil {
+		return nil, fmt.Errorf("could not serialize prevResult: %v", err)
+	}
+	res, err := version.NewResult(conf.CNIVersion, resultBytes)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse prevResult: %v", err)
+	}
+	conf.RawPrevResult = nil
+	conf.PrevResult, err = current.NewResultFromResult(res)
+	if err != nil {
+		return nil, fmt.Errorf("could not convert result to current version: %v", err)
 	}

 	return &conf, nil